It is not a secret that popular communication services are unsafe. At any time, your correspondence may be intercepted by law enforcement agencies or hackers.
In this article, I will tell what you need to remember when using various means of communication.
Voice calls and messages
End-to-end encryption can help protect your conversations and messages from the intervention of third parties. So, E2E messengers are considered the most secure. But this is not always so. Let’s consider the most popular options.
Telegram supports end-to-end encryption in its Secret Chats. It stores encrypted data about your correspondence in the cloud, which consists of numerous servers scattered across different countries with “safe” jurisdiction.
Chatting in Secret Chats is still a good option if you are paranoid. The server is not involved in the encryption process. Messages are transmitted peer-to-peer, that is, directly between the chat participants. To feel safer, you can use the self-destruction function of messages with a timer. Still, it is not good to blindly rely on Telegram.
To make it a little more secure, you and your addressee should visit the settings and do at least two things:
- Enable the password when entering the application (Privacy and Security > Passcode).
- Enable two-step authentication (Privacy and Security > Two-Step Verification).
After that, in addition to the SMS code, when you log in from a new device, the application will ask for a password that only you should know.
WhatsApp and Viber also use end-to-end encryption, but using them is not so cloudless in terms of security.
What can happen?
As soon as you write a message, your phone number immediately becomes available to all chat members. Having your phone number, it is very easy (for motivated parties) to identify and find you.
What can you do?
One solution is to use prepaid or disposable SIM cards preferably with a foreign number.
Apple also uses end-to-end encryption. When registering with iMessage, it creates two pairs of keys: private and public. The message you receive from another owner of the Apple device is sent to you in an encrypted form. It can only be decrypted using the recipient’s private key, which is stored on his device. How Apple relates to user privacy and what it will do if it receives a request from the government is described here.
However, iMessage has two drawbacks:
- You can use it only to communicate with another Apple owner.
- If you have Internet connection problems, the message will go through a regular cellular channel and will turn into your regular SMS that can be easily intercepted. To avoid turning iMessage into SMS, you can disable this feature in the settings.
Researchers from the Electronic Frontier Foundation claim that there is no single option for secure calls and messages. Even if some popular messengers do not share your private data with government authorities, this does not mean that hackers (or the state players that employ hackers) will not do this bypassing the laws.
If you need a more reliable way of communication, I recommend not only using secret chats, passwords and two-step / two-factor authentication but also consider less popular, niche applications like Signal or Confide.
Even if you use email clients like Outlook or Gmail and already enabled two-factor authentication and know that your email is encrypted using the secure SSL / TLS protocol, you cannot be sure that your recipient’s email is also secure.
- When sending sensitive information, encrypt messages using Pretty Good Privacy (PGP). This option helps transforming your message data into a meaningless set of characters that only the sender and receiver can read.
- When sending important information, always pay attention to the recipient’s domain and do not send email to a suspicious address.
- Check with the addressee in advance if he or she has not set up email forwarding to an unprotected mail service.
To start with, it is advised to minimize your stay in popular social networks. In 2017, Facebook satisfied 85% of requests coming from the US government. If you cannot live without social network (but still do not want to be hacked or get into prison) pay attention to these things:
- Your pictures;
- Comments and posts that you write;
- Posts that like;
- Posts that you share;
- Users, you are friends with.
It is better to avoid content that can be considered insulting or related to extremism. Always remember that “distribution” is the sending “illegal” information to at least one person.
More than half of all popular websites already have an HTTPS version or have completely switched to using only HTTPS. The information received and transmitted on such sites is encrypted and cannot be read by third parties. This is where the good news ends. Despite the HTTPS protocol, the fact of visiting such a site and DNS queries still remain visible to your ISP.
The remaining half of websites work using the usual HTTP protocol, providing no data encryption at all. One popular solution to this is using a VPN, which encrypts absolutely all the data received and transmitted. There is no readable information on the side of the Internet Service Provider. No one can penetrate and get in the middle between you and the target site. The only thing that ISP can see is the fact of connecting to a certain IP address on the other side (that is, to a VPN server) and nothing more. You can read more about VPN characteristics and capabilities in this Windcribe review.
When working with communication channels and transferring any data, only complex and multilevel approach to security and privacy makes sense.